AMENDMENTS TO THE CLAIMS 



1. (Currently Amended) A method of providing access to services across a computer 
network, comprising the step of: 

generating an authentication, authorization and access request by a requesting network 
access device through which, upon a successful authentication and authorization 
of an end user device to the computer network, the end user device can obtain 
access to network resources, said authentication, authorization and access request 
comprising a requesting network access device description and a plurality of 
service requests indicative of computer services for which the requesting network 
access device requests provisioning; 

wherein the requesting network access device description includes one or more of: a 

requesting network access device vendor, a requesting network access device type 
and a requesting network access device version; 

wherein the authentication, authorization and access request is a RADIUS packet 

comprising Vendor Specific Attribute (VSA) blocks, in which the requesting 
network access device description is stored; and 

forwarding, to an authentication, authorization and access-control server, said 
authentication, authorization and access request for authentication and 
authorization of the end user device to the computer network, and for 
reconfiguring the authentication, authorization and access-control server by 
storing a dependence between the authentication, authorization and access request 
and the requesting network access device; 

wherein the method is performed by one or more processors. 

2. (Currently Amended) A method according to Claim 1 in which the access request is a 
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3. (Previously Presented) A method according to Claim 2 in which each said block contains 
a requesting network access device-type identifier and a service-request identifier. 

4. (Original) A method according to Claim 2 in which the packet is a RADIUS-compliant 
authentication request packet. 

5. (Canceled) 

6. (Original) A method according to Claim 1 in which the service requests include a request 
for a particular service level. 

7. (Original) A method according to Claim 1 in which a policy is applied to the access 
request to determine whether access will be allowed, and if so for what services. 

8. (Previously Presented) A method according to Claim 1 in which said network resources 
are provisioned in dependence upon the access request. 

9. (Original) A method according to Claim 1 in which the steps of receiving and applying 
are performed by an access-control server or an Authentication, Authorization and Audit 
(AAA) server. 

10. (Original) A method according to Claim 9 in which the access-control server uses the 
access request to select among multiple services that are specified for a particular device. 

1 1 . (Currently Amended) A network device arranged to provide access to services across a 
computer network, comprising: 

one or more processors: 

a non-transitory computer-readable storage medium storing one or more sequences of 
instructions, which when executed by the one or more processors, cause the one 
or more processors to perform: 
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means for generating an authentication, authorization and access request by a requesting 
network access device through which, upon a successful authentication and 
authorization of an end user device to the computer network, the end user device 
can obtain access to network resources, said authentication, authorization and 
access request comprising a requesting network device description and a plurality 
of service requests indicative of computer services for which the requesting 
network access device requests provisioning; 

wherein the requesting network access device description includes one or more of: a 

requesting network access device vendor, a requesting network access device type 
and a requesting network access device version; 

wherein the authentication, authorization and access request is a RADIUS packet 

comprising Vendor Specific Attribute (VSA) blocks, in which the requesting 
network access device description is stored; and 

means for forwarding, to an authentication, authorization and access-control server, said 
authentication, authorization and access request for authentication and 
authorization of the end user device to the computer network, and for 
reconfiguring the authentication, authorization and access-control server by 
storing a dependence between the authentication, authorization and access request 
and the requesting network access device. 

12. (Currently Amended) A network device according to Claim 1 1 including means to 
generate RADIUS compliant packets, in which the service requests beiag - are defined by 
information contained within Vendor Specific Attribute ( the VSA4 blocks in this said 
packet. 

13. (Currently Amended) A network device, comprising: 
one or more processors; 

a network interface capable of being coupled to a requesting network access device and a 
computer network and for sending to the network access requests, a processor and 
a computer-readable storage medium having one or more stored sequences of 
instructions which, when executed, cause the processor to perform the steps of: 
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generating an authentication, authorization and access request by the requesting network 
access device through which, upon a successful authentication and authorization 
of an end user device to the computer network, the end user device can obtain 
access to network resources for forwarding via the network interface, said 
authentication, authorization and access request comprising a requesting network 
access device description and a plurality of service requests indicative of 
computer services for which the requesting network access device requests 
provisioning; 

wherein the requesting network access device description includes one or more of: a 

requesting network access device vendor, a requesting network access device type 
and a requesting network access device; 

wherein the authentication, authorization and access request is a RADIUS packet 

comprising Vendor Specific Attribute (VSA) blocks, in which the requesting 
network access device description is stored; and 

forwarding, to an authentication, authorization and access-control server, said 
authentication, authorization and access request for authentication and 
authorization of the end user device to the computer network, and for 
reconfiguring the authentication, authorization and access-control server by 
storing a dependence between the authentication, authorization and access request 
and the requesting network access device. 

14. (Currently Amended) A network device according to Claim 13 in which the access 
request is received as a RADIUS packet, the service requests beiftg -are defined by 
information contained within Vendor Specific Attribute ( the VSA4 blocks in this said 
packet. 



15. (Previously Presented) A network device according to Claim 14 in which each said block 
contains a requesting network access device-type identifier and a service-request 
identifier. 
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16. (Original) A network device according to Claim 14 in which the packet is a RADIUS- 
compliant authentication request packet. 

17. (Canceled) 

18. (Original) A network device according to Claim 13 in which the service requests 
include a request for a particular service level. 

19. (Currently Amended) A computer system comprising 

an access-control server for controlling access to resources on the network when 
requested by requesting network access devices, the access-control server being arranged: 

(a) to receive an authentication, authorization and access request by a requesting 
network access device through which, upon a successful authentication and 
authorization of an end user device to the computer network, the end user device 
can obtain access to network resources, said authentication, authorization and 
access request comprising a requesting network access device description and a 
plurality of service requests indicative of computer services for which the 
requesting network access device requests provisioning; 

wherein the requesting network access device description includes one or more 
of: a requesting network access device vendor, a requesting network 
access device type and a requesting network access device version; 

wherein the authentication, authorization and access request is a RADIUS packet 
comprising Vendor Specific Attribute (VSA) blocks, in which the 
requesting network access device description is stored; and 

(b) to apply a policy to the authentication, authorization and access request to 
determine whether the end user device can access the computer network, and if so 
for what services; 

(c) to reconfigure the access control server by storing a dependence between the 
authentication, authorization and access request and the requesting network access 
device. 
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20. (Original) A computer system according to Claim 19 in which the access control server 
instructs the provisioning of network resources in dependence upon the access request. 

21. (Original) A computer system according to Claim 19 in which the access-control server 
is an Authentication, Authorization and Audit (AAA) server. 

22. (Original) A computer system according to Claim 19 in which the access-control server 
uses the access request to select among multiple services that are specified for a particular 
device. 

23. (Currently Amended) A computer-readable non- transitory storage medium storing a 
sequence of instructions which, when executed by one or more processors, causes said 
processor or processors to perform the steps of: 

generating an authentication, authorization and access request by a requesting network 
access device through which, upon a successful authentication and authorization 
of an end user device to the computer network, the end user device can obtain 
access to network resources, said authentication, authorization and access 
comprising a requesting network access device description and a plurality of 
service requests indicative of computer services for which the requesting network 
access device requests provisioning; 

wherein the requesting network access device description includes one or more of: a 

requesting network access device vendor, a requesting network access device type 
and a requesting network access device version; 

wherein the authentication, authorization and access request is a RADIUS packet 

comprising Vendor Specific Attribute (VSA) blocks, in which the requesting 
network access device description is stored; and 

forwarding, to an authentication, authorization and access-control server, said 
authentication, authorization and access request for authentication and 
authorization of the end user device to the computer network, and for 
reconfiguring the authentication, authorization and access-control server by 
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storing a dependence between the authentication, authorization and access request 
and the requesting network access device. 



24. (Currently Amended) A computer-readable storage medium according to Claim 23 
further including instructions for generating a RADIUS packet, in which the service 
requests being - are defined by information contained within Vendor Specific Attribute ( 
the VSA> blocks in said packet. 

25. (Previously Presented) A computer-readable storage medium according to Claim 24 
further including instructions for creating within each said block a requesting network 
access device-type identifier and a service-request identifier. 

26. (Previously Presented) A computer-readable storage medium according to Claim 24 in 
which the generated packet is a RADIUS-compliant authentication request packet. 

27. (Canceled) 

28. (Previously Presented) A computer-readable storage medium according to Claim 23, in 
which service requests include a request for a particular service level. 

29. (Previously Presented) A network device as claimed in claim 1 1 or claim 13 comprising 
a requesting network access device which controls end-user device access to a network, 
and which requests services on behalf of one or more said end-user devices. 

30. (Previously Presented) A network device as claimed in claim 1 1 or claim 13 in which 
said requesting network access device requests services for its own use. 
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